The Tangled Web: A Guide to Securing Modern Web Applications


Michal Zalewski - 2011
    Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. To keep users safe, it is essential for developers to confidently navigate this landscape. In The Tangled Web, Michal Zalewski, one of the world's top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they're fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security. You'll learn how to:
    * Perform common but surprisingly complex tasks such as URL parsing and HTML sanitization
    * Use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing
    * Leverage many variants of the same-origin policy to safely compartmentalize complex web applications and protect user credentials in case of XSS bugs
    * Build mashups and embed gadgets without getting stung by the tricky frame navigation policy
    * Embed or host user-supplied content without running into the trap of content sniffing
    For quick reference, "Security Engineering Cheat Sheets" at the end of each chapter offer ready solutions to problems you're most likely to encounter. With coverage extending as far as planned HTML5 features, The Tangled Web will help you create secure web applications that stand the test of time.

Algorithm Design


Jon Kleinberg - 2005
    The book teaches a range of design and analysis techniques for problems that arise in computing applications. The text encourages an understanding of the algorithm design process and an appreciation of the role of algorithms in the broader field of computer science.

Understanding Computation: From Simple Machines to Impossible Programs


Tom Stuart - 2013
    Understanding Computation explains theoretical computer science in a context you’ll recognize, helping you appreciate why these ideas matter and how they can inform your day-to-day programming. Rather than use mathematical notation or an unfamiliar academic programming language like Haskell or Lisp, this book uses Ruby in a reductionist manner to present formal semantics, automata theory, and functional programming with the lambda calculus. It’s ideal for programmers versed in modern languages, with little or no formal training in computer science.
    * Understand fundamental computing concepts, such as Turing completeness in languages
    * Discover how programs use dynamic semantics to communicate ideas to machines
    * Explore what a computer can do when reduced to its bare essentials
    * Learn how universal Turing machines led to today’s general-purpose computers
    * Perform complex calculations, using simple languages and cellular automata
    * Determine which programming language features are essential for computation
    * Examine how halting and self-referencing make some computing problems unsolvable
    * Analyze programs by using abstract interpretation and type systems

What's New in Java 7?


Madhusudhan Konda - 2011
    Madhusudhan Konda provides an overview of these, including strings in switch statements, multi-catch exception handling, try-with-resource statements, the new File System API, extensions of the JVM, support for dynamically-typed languages, and the fork and join framework for task parallelism.

Pro JavaScript Design Patterns


Ross Harmes - 2007
    But there is more power waiting to be unlocked: JavaScript is capable of full object-oriented capabilities, and by applying object-oriented principles, best practices, and design patterns to your code, you can make it more powerful, more efficient, and easier to work with alone or as part of a team. With Pro JavaScript Design Patterns, you'll start with the basics of object-oriented programming in JavaScript applicable to design patterns, including making JavaScript more expressive, inheritance, encapsulation, information hiding, and more. With that covered, you can kickstart your JavaScript development in the second part of the book, where you'll find detail on how to implement and take advantage of several design patterns in JavaScript, including composites, decorators, facades, adapters, and many more. Each chapter is packed with real-world examples of how the design patterns are best used and expert advice on writing better code, as well as what to watch out for. Along the way you'll discover how to create your own libraries and APIs for even more efficient coding.
    * Master the basics of object-oriented programming in JavaScript, as they apply to design patterns
    * Apply design patterns to kickstart your JavaScript development
    * Work through several real-world examples
    What you'll learn:
    * How to apply object-oriented programming techniques in JavaScript
    * How to take advantage of inheritance, interfaces, and encapsulation and information hiding to kickstart your JavaScript development
    * How to implement several design patterns in your JavaScript projects, including factory, facade, bridge, composite, adapter, decorator, flyweight, proxy, command, observer, and chain of responsibility
    * How to make your code easier to manage in a team environment, as well as on your own
    * How to create your own libraries and APIs
    Who this book is for: This book will be an invaluable learning tool for any experienced JavaScript developer.
    Table of Contents:
    * Expressive JavaScript
    * Interfaces
    * Encapsulation and Information Hiding
    * Inheritance
    * The Singleton Pattern
    * Chaining
    * The Factory Pattern
    * The Bridge Pattern
    * The Composite Pattern
    * The Facade Pattern
    * The Adapter Pattern
    * The Decorator Pattern
    * The Flyweight Pattern
    * The Proxy Pattern
    * The Observer Pattern
    * The Command Pattern
    * The Chain of Responsibility Pattern

Practical C++ Programming


Steve Oualline - 1995
    But this high-level language is relatively difficult to master, even if you already know the C programming language. The 2nd edition of Practical C++ Programming is a complete introduction to the C++ language for programmers who are learning C++. Reflecting the latest changes to the C++ standard, this 2nd edition takes a useful down-to-earth approach, placing a strong emphasis on how to design clean, elegant code. In short, to-the-point chapters, all aspects of programming are covered including style, software engineering, programming design, object-oriented design, and debugging. It also covers common mistakes and how to find (and avoid) them. End of chapter exercises help you ensure you've mastered the material. Practical C++ Programming thoroughly covers:
    * C++ syntax
    * Coding standards and style
    * Creation and use of object classes
    * Templates
    * Debugging and optimization
    * Use of the C++ preprocessor
    * File input/output
    Steve Oualline's clear, easy-going writing style and hands-on approach to learning make Practical C++ Programming a nearly painless way to master this complex but powerful programming language.

The Haskell School of Expression: Learning Functional Programming Through Multimedia


Paul Hudak - 2000
    It has become popular in recent years because of its simplicity, conciseness, and clarity. This book teaches functional programming as a way of thinking and problem solving, using Haskell, the most popular purely functional language. Rather than using the conventional (boring) mathematical examples commonly found in other programming language textbooks, the author uses examples drawn from multimedia applications, including graphics, animation, and computer music, thus rewarding the reader with working programs for inherently more interesting applications. Aimed at both beginning and advanced programmers, this tutorial begins with a gentle introduction to functional programming and moves rapidly on to more advanced topics. Details about programming in Haskell are presented in boxes throughout the text so they can be easily found and referred to.

Designing Interfaces: Patterns for Effective Interaction Design


Jenifer Tidwell - 2005
    Users demand software that is well-behaved, good-looking, and easy to use. Your clients or managers demand originality and a short time to market. Your UI technology -- web applications, desktop software, even mobile devices -- may give you the tools you need, but little guidance on how to use them well. UI designers over the years have refined the art of interface design, evolving many best practices and reusable ideas. If you learn these, and understand why the best user interfaces work so well, you too can design engaging and usable interfaces with less guesswork and more confidence. Designing Interfaces captures those best practices as design patterns -- solutions to common design problems, tailored to the situation at hand. Each pattern contains practical advice that you can put to use immediately, plus a variety of examples illustrated in full color. You'll get recommendations, design alternatives, and warnings on when not to use them. Each chapter's introduction describes key design concepts that are often misunderstood, such as affordances, visual hierarchy, navigational distance, and the use of color. These give you a deeper understanding of why the patterns work, and how to apply them with more insight. A book can't design an interface for you -- no foolproof design process is given here -- but Designing Interfaces does give you concrete ideas that you can mix and recombine as you see fit. Experienced designers can use it as a sourcebook of ideas. Novice designers will find a roadmap to the world of interface and interaction design, with enough guidance to start using these patterns immediately.

Object-Oriented Analysis and Design with Applications


Grady Booch - 1990
    Booch illustrates essential concepts, explains the method, and shows successful applications in a variety of fields. Booch also gives pragmatic advice on a host of issues, including classification, implementation strategies, and cost-effective project management. A two-time winner of Software Development's coveted Jolt Cola Product Excellence Award!

REST in Practice: Hypermedia and Systems Architecture


Jim Webber - 2010
    You'll learn techniques for implementing specific Web technologies and patterns to solve the needs of a typical company as it grows from modest beginnings to become a global enterprise.
    * Learn basic Web techniques for application integration
    * Use HTTP and the Web’s infrastructure to build scalable, fault-tolerant enterprise applications
    * Discover the Create, Read, Update, Delete (CRUD) pattern for manipulating resources
    * Build RESTful services that use hypermedia to model state transitions and describe business protocols
    * Learn how to make Web-based solutions secure and interoperable
    * Extend integration patterns for event-driven computing with the Atom Syndication Format and implement multi-party interactions in AtomPub
    * Understand how the Semantic Web will impact systems design

Writing Secure Code


Michael Howard - 2001
    You need to assume it will run in the most hostile environments imaginable -- and design, code, and test accordingly. Writing Secure Code, Second Edition shows you how. This edition draws on the lessons learned and taught throughout Microsoft during the firm's massive 2002 Windows Security Push. It's a huge upgrade to the respected First Edition, with new coverage across the board. Michael Howard and David LeBlanc first help you define what security means to your customers -- and implement a three-pronged strategy for securing design, defaults, and deployment. There's especially useful coverage of threat modeling -- decomposing your application, identifying threats, ranking them, and mitigating them. Then, it's on to in-depth coverage of today's key security issues from the developer's standpoint. Everyone knows buffer overruns are bad: Here's a full chapter on avoiding them. You'll learn how to establish appropriate access controls and default to running with least privilege. There's detailed coverage of overcoming attacks on cryptography (for example, avoiding poor random numbers and bit-flipping attacks). You'll learn countermeasures for virtually every form of user input attack, from malicious database updates to cross-site scripting. We've just scratched the surface: There are authoritative techniques for securing sockets and RPC, protecting against DoS attacks, building safer .NET applications, reviewing and testing code, adding privacy features, and even writing high-quality security documentation. Following these techniques won't just improve security -- it'll dramatically improve robustness and reliability, too. -- Bill Camarda
    Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.

Database Design for Mere Mortals: A Hands-On Guide to Relational Database Design


Michael J. Hernandez - 1996
    You'd be up to your neck in normal forms before you even had a chance to wade. When Michael J. Hernandez needed a database design book to teach mere mortals like himself, there were none. So he began a personal quest to learn enough to write one. And he did. Now in its Second Edition, Database Design for Mere Mortals is a miracle for today's generation of database users who don't have the background -- or the time -- to learn database design the hard way. It's also a secret pleasure for working pros who are occasionally still trying to figure out what they were taught. Drawing on 13 years of database teaching experience, Hernandez has organized database design into several key principles that are surprisingly easy to understand and remember. He illuminates those principles using examples that are generic enough to help you with virtually any application. Hernandez's goals are simple. You'll learn how to create a sound database structure as easily as possible. You'll learn how to optimize your structure for efficiency and data integrity. You'll learn how to avoid problems like missing, incorrect, mismatched, or inaccurate data. You'll learn how to relate tables together to make it possible to get whatever answers you need in the future -- even if you haven't thought of the questions yet. If -- as is often the case -- you already have a database, Hernandez explains how to analyze it -- and leverage it. You'll learn how to identify new information requirements, determine new business rules that need to be applied, and apply them. Hernandez starts with an introduction to databases, relational databases, and the idea and objectives of database design. Next, you'll walk through the key elements of the database design process: establishing table structures and relationships, assigning primary keys, setting field specifications, and setting up views.
    Hernandez's extensive coverage of data integrity includes a full chapter on establishing business rules and using validation tables. Hernandez surveys bad design techniques in a chapter on what not to do -- and finally, helps you identify those rare instances when it makes sense to bend or even break the conventional rules of database design. There's plenty that's new in this edition. Hernandez has gone over his text and illustrations with a fine-tooth comb to improve their already impressive clarity. You'll find updates to reflect new advances in technology, including web database applications. There are expanded and improved discussions of nulls and many-to-many relationships; multivalued fields; primary keys; and SQL data type fields. There's a new Quick Reference database design flowchart. A new glossary. New review questions at the end of every chapter. Finally, it's worth mentioning what this book isn't. It isn't a guide to any specific database platform -- so you can use it whether you're running Access, SQL Server, or Oracle, MySQL or PostgreSQL. And it isn't an SQL guide. (If that's what you need, Michael J. Hernandez has also coauthored the superb SQL Queries for Mere Mortals). But if database design is what you need to learn, this book's worth its weight in gold. -- Bill Camarda
    Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks for Dummies, Second Edition.

High Performance Web Sites


Steve Souders - 2007
    Author Steve Souders, in his job as Chief Performance Yahoo!, collected these best practices while optimizing some of the most-visited pages on the Web. Even sites that had already been highly optimized, such as Yahoo! Search and the Yahoo! Front Page, were able to benefit from these surprisingly simple performance guidelines. The rules in High Performance Web Sites explain how you can optimize the performance of the Ajax, CSS, JavaScript, Flash, and images that you've already built into your site -- adjustments that are critical for any rich web application. Other sources of information pay a lot of attention to tuning web servers, databases, and hardware, but the bulk of display time is taken up on the browser side and by the communication between server and browser. High Performance Web Sites covers every aspect of that process. Each performance rule is supported by specific examples, and code snippets are available on the book's companion web site. The rules include how to:
    * Make Fewer HTTP Requests
    * Use a Content Delivery Network
    * Add an Expires Header
    * Gzip Components
    * Put Stylesheets at the Top
    * Put Scripts at the Bottom
    * Avoid CSS Expressions
    * Make JavaScript and CSS External
    * Reduce DNS Lookups
    * Minify JavaScript
    * Avoid Redirects
    * Remove Duplicate Scripts
    * Configure ETags
    * Make Ajax Cacheable
    If you're building pages for high traffic destinations and want to optimize the experience of users visiting your site, this book is indispensable.
    "If everyone would implement just 20% of Steve's guidelines, the Web would be a dramatically better place. Between this book and Steve's YSlow extension, there's really no excuse for having a sluggish web site anymore." -- Joe Hewitt, Developer of Firebug debugger and Mozilla's DOM Inspector
    "Steve Souders has done a fantastic job of distilling a massive, semi-arcane art down to a set of concise, actionable, pragmatic engineering steps that will change the world of web performance." -- Eric Lawrence, Developer of the Fiddler Web Debugger, Microsoft Corporation

Hackers & Painters: Big Ideas from the Computer Age


Paul Graham - 2004
    Who are these people, what motivates them, and why should you care? Consider these facts: Everything around us is turning into computers. Your typewriter is gone, replaced by a computer. Your phone has turned into a computer. So has your camera. Soon your TV will. Your car was not only designed on computers, but has more processing power in it than a room-sized mainframe did in 1970. Letters, encyclopedias, newspapers, and even your local store are being replaced by the Internet. Hackers & Painters: Big Ideas from the Computer Age, by Paul Graham, explains this world and the motivations of the people who occupy it. In clear, thoughtful prose that draws on illuminating historical examples, Graham takes readers on an unflinching exploration into what he calls “an intellectual Wild West.” The ideas discussed in this book will have a powerful and lasting impact on how we think, how we work, how we develop technology, and how we live. Topics include the importance of beauty in software design, how to make wealth, heresy and free speech, the programming language renaissance, the open-source movement, digital design, internet startups, and more.

Clojure for the Brave and True


Daniel Higginbotham - 2015
    At long last you'll be united with the programming language you've been longing for: Clojure! As a Lisp-style functional programming language, Clojure lets you write robust and elegant code, and because it runs on the Java Virtual Machine, you can take advantage of the vast Java ecosystem. Clojure for the Brave and True offers a "dessert-first" approach: you'll start playing with real programs immediately, as you steadily acclimate to the abstract but powerful features of Lisp and functional programming. Inside you'll find an offbeat, practical guide to Clojure, filled with quirky sample programs that catch cheese thieves and track glittery vampires. Learn how to:
    * Wield Clojure's core functions
    * Use Emacs for Clojure development
    * Write macros to modify Clojure itself
    * Use Clojure's tools to simplify concurrency and parallel programming
    Clojure for the Brave and True assumes no prior experience with Clojure, the Java Virtual Machine, or functional programming. Are you ready, brave reader, to meet your true destiny? Grab your best pair of parentheses—you're about to embark on an epic journey into the world of Clojure!